recoverjpeg

recoverjpeg is designed to recover JFIF (JPEG) pictures and MOV movies from devices like digital camera memory cards or filesystem images, especially when partitions are mistakenly overwritten or devices are corrupted. The package includes executables: recoverjpeg for JPEG recovery, recovermov for MOV movies, remove-duplicates to eliminate duplicate files, and sort-pictures to organize pictures by EXIF date.

This tool is particularly valuable in forensics investigations as a carver, extracting media files from raw data without relying on filesystem structures. Users can restore files to a specified directory, manage file naming, and post-process recoveries to remove duplicates and sort by metadata.

Additional utilities like remove-duplicates help clean up results by identifying and optionally deleting duplicate files in the current directory. sort-pictures organizes recovered JPEGs into directories based on EXIF dates, sizes, or validity, creating hard links for efficient management.

recoverjpeg performs data carving by scanning input files or devices in blocks (default 512 bytes) to identify and extract JPEG (JFIF) headers and footers, reconstructing files up to a maximum size (default 6MB). recovermov applies similar carving techniques for MOV movie files. Post-processing tools like remove-duplicates compare file contents to identify exact matches bidirectionally unless -f is used for one-way removal. sort-pictures parses EXIF tags in JPEGs matching the image?????*.jpg pattern, categorizing into directories like invalid, small (<100KB), undated, or YYYY-MM-DD based on extraction date.